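Puppet Study Notes, Part 2
I. Backups
When Puppet backs up files, you may want the backups stored on the master, on the client, or on the client in the same directory as the original file. Each case is summarized below.
1. Backing up files on the client
On the master, site.pp is as follows:
filebucket { main: server => "puppet.i.ajkdns.com" }
# global defaults
File { backup => main }
The module's init.pp is as follows:
class yum::repos {
  package { yum:
    ensure => installed,
  }

  # Manage the whole repo directory. purge removes every file Puppet does not
  # manage; with the File default above, each purged file is filebucketed first.
  file { "/etc/yum.repos.d/":
    ensure  => directory,
    recurse => true,
    purge   => true,
    force   => true,
    owner   => 'root',
    group   => 'root',
    mode    => '644',
    replace => "yes",
    require => Package["yum"],
  }

  # Exec["yum-clean"] must be declared elsewhere in the catalog.
  file { "centos_new":
    ensure  => present,
    name    => "/etc/yum.repos.d/centos_new.repo",
    content => template("yum/centos.repo.erb"),
    notify  => Exec["yum-clean"];
  }
}
Run on the client: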
# puppet agent -t
Notice: Ignoring --listen on onetime run
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/cache_dir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/sibling_idc10.rb
Info: Loading facts in /var/lib/puppet/lib/facter/half_mem.rb
Info: Loading facts in /var/lib/puppet/lib/facter/sibling_idc02.rb
Info: Caching catalog for one-594.i.ajkdns.com
Info: Applying configuration version '1375783756'
Info: FileBucket adding {md5}1bfcad49b3ffab391d5303ba58d26b64
Info: /File[/etc/yum.repos.d/rh.repo]: Filebucketed /etc/yum.repos.d/rh.repo to main with sum 1bfcad49b3ffab391d5303ba58d26b64
Notice: /File[/etc/yum.repos.d/rh.repo]/ensure: removed
Notice: Finished catalog run in 0.21 seconds
On the client, inspect the directory structure under /var/lib/puppet/clientbucket.
[root@one-594 yum.repos.d]# cd /var/lib/puppet/bucket/clientbucket
[root@one-594 clientbucket]# tree 1
1
`-- b
    `-- f
        `-- c
            `-- a
                `-- d
                    `-- 4
                        `-- 9
                            `-- 1bfcad49b3ffab391d5303ba58d26b64
                                |-- contents
                                `-- paths
8 directories, 2 files
2. What if you want the backups stored on the master?
Modify site.pp on the master and add path => false:
filebucket { main: server => "puppet.i.ajkdns.com", path => false }
# global defaults
File { backup => main }
Run the command on the client:
[root@one-594 yum.repos.d]# puppet agent -t
Notice: Ignoring --listen on onetime run
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/cache_dir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/sibling_idc10.rb
Info: Loading facts in /var/lib/puppet/lib/facter/half_mem.rb
Info: Loading facts in /var/lib/puppet/lib/facter/sibling_idc02.rb
Info: Caching catalog for one-594.i.ajkdns.com
Info: Applying configuration version '1375784457'
Info: /File[/etc/yum.repos.d/test.repo]: Filebucketed /etc/yum.repos.d/test.repo to main with sum 1bfcad49b3ffab391d5303ba58d26b64
Notice: /File[/etc/yum.repos.d/test.repo]/ensure: removed
Notice: Finished catalog run in 0.48 seconds
On the master, inspect the files under /var/lib/puppet/bucket:
# cd /var/lib/puppet/bucket/
# ls
1
# tree .
.
`-- 1
    `-- b
        `-- f
            `-- c
                `-- a
                    `-- d
                        `-- 4
                            `-- 9
                                `-- 1bfcad49b3ffab391d5303ba58d26b64
                                    |-- contents
                                    `-- paths
9 directories, 2 files
3. To keep the backup on the client in the same directory as the original file, just start the backup value with a "." (for example, backup => ".bak").
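As an added example (not part of the original post), the shell functions below pull the sums out of the agent's "Filebucketed ... with sum" lines, map each one to the directory layout shown in the two trees above, and check that the stored contents file still hashes to that sum. The function names and the use of md5sum are assumptions made for this example; the bucket directory is passed in as an argument.

```shell
#!/bin/sh
# Added example: audit filebucket entries named in puppet agent output.

# Print the md5 sums from "Filebucketed <path> to main with sum <md5>" lines on stdin.
bucketed_sums() {
    sed -n 's/.*Filebucketed .* with sum \([0-9a-f]\{32\}\).*/\1/p'
}

# Map a sum to its entry directory: one level for each of the first 8 hex
# digits, then the full sum (1/b/f/c/a/d/4/9/1bfcad49... in the trees above).
bucket_entry_dir() {
    printf '%s/%s%s\n' "$1" "$(printf '%s\n' "$2" | cut -c1-8 | sed 's|.|&/|g')" "$2"
}

# Exit status: 0 = contents hashes to the sum in its directory name,
# 1 = mismatch (corrupted or altered backup), 2 = no such entry in this bucket.
verify_bucket_entry() {
    entry=$(bucket_entry_dir "$1" "$2")
    [ -f "$entry/contents" ] || return 2
    actual=$(md5sum < "$entry/contents" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Read agent output on stdin; report every bucketed file against bucket dir $1.
check_log() {
    overall=0
    for sum in $(bucketed_sums); do
        rc=0
        verify_bucket_entry "$1" "$sum" || rc=$?
        case $rc in
            0) echo "OK        $sum $(head -n 1 "$(bucket_entry_dir "$1" "$sum")/paths" 2>/dev/null)" ;;
            1) echo "MISMATCH  $sum"; overall=1 ;;
            *) echo "MISSING   $sum"; overall=1 ;;
        esac
    done
    return $overall
}
```

Source the file, then run for example check_log /var/lib/puppet/bucket/clientbucket < saved-agent-output.txt on the client, or point it at /var/lib/puppet/bucket on the master.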
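II. Active Push: puppet kick
By default the Puppet client contacts the server once every 30 minutes, but some urgent changes need to be applied right away. For those, we might run this command on the client: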
# puppet agent -t
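But what if a large number of clients need to be updated? Is there a way to avoid running the command above on every client?
Here the server can actively push to the clients. Active push is now done with MCollective, but MCollective is fairly tedious to install, so for now we use the puppet kick command.
Before using puppet kick, the client needs the following configuration:
(1) Edit /etc/puppet/puppet.conf and add "listen = true" so that puppet listens on port 8139:
[agent]
...
listen = true
(2) Edit /etc/puppet/namespaceauth.conf and add the following: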
[puppetrunner]
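allow <master name>
(3) Edit auth.conf and add the following before "path /":
path /run
method save
allow *

# this one is not strictly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any
Note that allow * lets any node holding a certificate signed by this CA trigger a run on the client; listing only the master's certname there is the tighter setting.
Once the configuration is complete, run the push command on the server, for example: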
# puppet kick -p 10 host1 host2    # push to the specified hosts
# puppet kick -p 10 -a             # push to all hosts
Errors:
When running puppet kick, the following messages appear:
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Finished
Regarding warning 1: the official documentation shows that puppet kick has been replaced by MCollective, but it can still be used.
puppet kick mode -- this still works (as of 3.0.1) but emits a warning. We really think if you want central push/triggered execution, you ought to be using Mcollective, so puppet kick is deprecated (source: http://puppetlabs.com/blog/say-hello-to-puppet-3/)
Regarding warning 2: the message says the LDAP library could not be found.
Download and install ruby/LDAP:
# wget http://sourceforge.net/projects/ruby-ldap/files/latest/download
Before installing ruby/ldap, OpenLDAP must be installed; see "Installing OpenLDAP".
Modify etc/openldap/slapd.conf
A problem came up during installation:
$ env CPPFLAGS='-I/usr/local/BerkeleyDB.6.0/include' LDFLAGS='-L/usr/local/BerkeleyDB.6.0/lib' ./configure --prefix=/home/maming/software/openldap --enable-ldbm
...
checking for Berkeley DB link (-ldb)... yes
checking for Berkeley DB library and header version match... no
configure: error: Berkeley DB version mismatch
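The message reports a version mismatch.
If this error occurs, first run:
export LD_LIBRARY_PATH="<BerkeleyDB Directory path>/build_unix/.libs"
If the error still occurs, copy the lib folder from BerkeleyDB to /usr/lib and the include folder to /usr/include, then run configure again.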